Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1,385 articles for you...
172
security advisorycriticalprivilege escalationUbuntu 24.04 LTS Linux Kernel Critical Security Issues Vuln 8373-1
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-8373-1 June 02, 2026 linux, linux-aws, linux-aws-6.8, linux-aws-fips, linux-azure, linux-fips, linux-gcp, linux-gcp-6.8, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-ibm-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-nvidia-tegra, linux-oracle, linux-oracle-6.8, linux-raspi, linux-raspi-realtime, linux-realtime, linux-realtime-6.8 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-fips: Linux kernel with FIPS - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with FIPS - linux-gke: Linux kernel for Google Container Engine (GKE) systems - linux-gkeop: Linux kernel for Google Container Engine (GKE) systems - linux-ibm: Linux kernel for IBM cloud systems - linux-nvidia: Linux kernel for NVIDIA systems - linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems - linux-nvidia-tegra: Linux kernel for NVIDIA Tegra systems - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems - linux-raspi-realtime: Linux kernel for Raspberry Pi Real-time systems - linux-realtime: Linux kernel for Real-time systems - linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems - linux-gcp-6.8: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe-6.8: Linux hardware enablement (HWE) kernel -linux-ibm-6.8: Linux kernel for IBM cloud systems - linux-nvidia-6.8: Linux kernel for NVIDIA systems - linux-oracle-6.8: Linux kernel for Oracle Cloud systems - linux-realtime-6.8: Linux kernel for Real-time systems Details: It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300) Qualys discovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contain a memory leak when handling AppArmor notifications. A local attacker could use this to cause resource exhaustion. (CVE-2026-47326) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contain a NULL pointer dereference when handling AppArmor notifications. A local attacker could use this to cause a kernel oops. (CVE-2026-47327) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained an invalid free when handling AppArmor notifications. A local attacker could use this to corrupt kernel memory. (CVE-2026-47328) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained insufficient validation of AppArmor notification responses. A local attacker could use this to allow crafted responses to beprocessed. (CVE-2026-47329) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 used an uninitialized variable when handling AppArmor notifications. A local attacker could use this to cause incorrect caching of data. (CVE-2026-47330) Tristan Madani discovered that Ubuntu Linux kernel 6.8 contained a use- after-free (UAF) bug. A local attacker could use this to cause memory corruption and, theoretically, arbitrary code execution. (CVE-2026-47331) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained an out-of-bounds (OOB) read when handling AppArmor notifications. A local attacker could use this to cause information disclosure of kernel memory. (CVE-2026-47332) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a out-of-bounds (OOB) read when handling AppArmor notifications. A local attacker could use this to cause kernel memory corruption and, theoretically, influence processing of AppArmor policies. (CVE-2026-47333) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained incorrect holding of locks when handling AppArmor notifications. A local attacker could use this to cause a kernel panic or deadlock. (CVE-2026-47334) Tristan Madani discovered that Ubuntu Linux kernel 6.8 contained a NULL pointer dereference when handling AppArmor notifications. A local attacker could use this to cause a kernel panic. (CVE-2026-47335) Tristan Madani discovered that Ubuntu Linux kernel 6.8 used an uninitialized variable when handling AppArmor AF_INET/AF_INET6 socket mediation. A local attacker could use this to influence processing of fine- grained network socket mediation. (CVE-2026-47336) Tristan Madani and Trevor Lawrence have each independently discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a NULL pointer dereference when handling AppArmor network socket mediation. A local attacker could use this to cause a kernel oops. (CVE-2026-47337) Several security issues were discovered in the Linux kernel. Anattacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RDS protocol; - RxRPC session sockets; (CVE-2026-31676, CVE-2026-43494) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS linux-image-6.8.0-1026-nvidia-tegra 6.8.0-1026.26 linux-image-6.8.0-1026-nvidia-tegra-rt 6.8.0-1026.26 linux-image-6.8.0-1042-gkeop 6.8.0-1042.45 linux-image-6.8.0-1054-oracle 6.8.0-1054.55 linux-image-6.8.0-1054-oracle-64k 6.8.0-1054.55 linux-image-6.8.0-1055-gke 6.8.0-1055.61 linux-image-6.8.0-1055-gke-64k 6.8.0-1055.61 linux-image-6.8.0-1055-nvidia 6.8.0-1055.58 linux-image-6.8.0-1055-nvidia-64k 6.8.0-1055.58 linux-image-6.8.0-1055-nvidia-lowlatency 6.8.0-1055.58.1 linux-image-6.8.0-1055-nvidia-lowlatency-64k 6.8.0-1055.58.1 linux-image-6.8.0-1057-aws 6.8.0-1057.60 linux-image-6.8.0-1057-aws-64k 6.8.0-1057.60 linux-image-6.8.0-1057-aws-fips 6.8.0-1057.60+fips1 Available with Ubuntu Pro linux-image-6.8.0-1057-ibm 6.8.0-1057.58 linux-image-6.8.0-1057-raspi 6.8.0-1057.61 linux-image-6.8.0-1058-azure 6.8.0-1058.64 linux-image-6.8.0-1060-gcp 6.8.0-1060.63 linux-image-6.8.0-1060-gcp-64k 6.8.0-1060.63 linux-image-6.8.0-1060-gcp-fips 6.8.0-1060.63+fips1 Available with Ubuntu Pro linux-image-6.8.0-124-fips 6.8.0-124.124+fips1 Available with Ubuntu Pro linux-image-6.8.0-124-generic 6.8.0-124.124 linux-image-6.8.0-124-generic-64k 6.8.0-124.124 linux-image-6.8.0-2046-raspi-realtime 6.8.0-2046.47 Available with Ubuntu Pro linux-image-6.8.1-1052-realtime 6.8.1-1052.53 Available with Ubuntu Pro linux-image-aws-6.8 6.8.0-1057.60 linux-image-aws-64k-6.8 6.8.0-1057.60 linux-image-aws-64k-lts-24.04 6.8.0-1057.60 linux-image-aws-fips 6.8.0-1057.60+fips1 Available with Ubuntu Pro linux-image-aws-fips-6.8 6.8.0-1057.60+fips1 Available with Ubuntu Pro linux-image-aws-lts-24.04 6.8.0-1057.60 linux-image-azure-6.8 6.8.0-1058.64 linux-image-azure-lts-24.04 6.8.0-1058.64 linux-image-fips 6.8.0-124.124+fips1 Available with Ubuntu Pro linux-image-fips-6.8 6.8.0-124.124+fips1 Available with Ubuntu Pro linux-image-gcp-6.8 6.8.0-1060.63 linux-image-gcp-64k-6.8 6.8.0-1060.63 linux-image-gcp-64k-lts-24.04 6.8.0-1060.63 linux-image-gcp-fips 6.8.0-1060.63+fips1 Available with Ubuntu Pro linux-image-gcp-fips-6.8 6.8.0-1060.63+fips1 Available with Ubuntu Pro linux-image-gcp-lts-24.04 6.8.0-1060.63 linux-image-generic 6.8.0-124.124 linux-image-generic-6.8 6.8.0-124.124 linux-image-generic-64k 6.8.0-124.124 linux-image-generic-64k-6.8 6.8.0-124.124 linux-image-generic-lpae 6.8.0-124.124 linux-image-gke 6.8.0-1055.61 linux-image-gke-6.8 6.8.0-1055.61 linux-image-gke-64k 6.8.0-1055.61 linux-image-gke-64k-6.8 6.8.0-1055.61 linux-image-gkeop 6.8.0-1042.45 linux-image-gkeop-6.8 6.8.0-1042.45 linux-image-ibm 6.8.0-1057.58 linux-image-ibm-6.8 6.8.0-1057.58 linux-image-ibm-classic 6.8.0-1057.58 linux-image-ibm-lts-24.04 6.8.0-1057.58 linux-image-intel-iot-realtime 6.8.1-1052.53 Available with Ubuntu Pro linux-image-intel-iotg 6.8.0-124.124 linux-image-kvm 6.8.0-124.124 linux-image-nvidia 6.8.0-1055.58 linux-image-nvidia-6.8 6.8.0-1055.58 linux-image-nvidia-64k 6.8.0-1055.58 linux-image-nvidia-64k-6.8 6.8.0-1055.58 linux-image-nvidia-lowlatency 6.8.0-1055.58.1 linux-image-nvidia-lowlatency-6.8 6.8.0-1055.58.1 linux-image-nvidia-lowlatency-64k 6.8.0-1055.58.1 linux-image-nvidia-lowlatency-64k-6.8 6.8.0-1055.58.1 linux-image-nvidia-tegra 6.8.0-1026.26 linux-image-nvidia-tegra-6.8 6.8.0-1026.26 linux-image-nvidia-tegra-rt 6.8.0-1026.26 linux-image-nvidia-tegra-rt-6.8 6.8.0-1026.26 linux-image-oracle-6.8 6.8.0-1054.55 linux-image-oracle-64k-6.8 6.8.0-1054.55 linux-image-oracle-64k-lts-24.04 6.8.0-1054.55 linux-image-oracle-lts-24.04 6.8.0-1054.55 linux-image-raspi 6.8.0-1057.61 linux-image-raspi-6.8 6.8.0-1057.61 linux-image-raspi-realtime 6.8.0-2046.47 Available with Ubuntu Pro linux-image-raspi-realtime-6.8 6.8.0-2046.47 Available with Ubuntu Pro linux-image-realtime 6.8.1-1052.53 Available with Ubuntu Pro linux-image-realtime-6.8.1 6.8.1-1052.53 Available with Ubuntu Pro linux-image-virtual 6.8.0-124.124 linux-image-virtual-6.8 6.8.0-124.124 Ubuntu 22.04 LTS linux-image-6.8.0-1054-oracle 6.8.0-1054.55~22.04.1 linux-image-6.8.0-1054-oracle-64k 6.8.0-1054.55~22.04.1 linux-image-6.8.0-1055-nvidia 6.8.0-1055.58~22.04.1 linux-image-6.8.0-1055-nvidia-64k 6.8.0-1055.58~22.04.1 linux-image-6.8.0-1057-aws 6.8.0-1057.60~22.04.1 linux-image-6.8.0-1057-aws-64k 6.8.0-1057.60~22.04.1 linux-image-6.8.0-1057-ibm 6.8.0-1057.58~22.04.1 linux-image-6.8.0-1060-gcp 6.8.0-1060.63~22.04.1 linux-image-6.8.0-1060-gcp-64k 6.8.0-1060.63~22.04.1 linux-image-6.8.0-124-generic 6.8.0-124.124~22.04.1 linux-image-6.8.0-124-generic-64k 6.8.0-124.124~22.04.1 linux-image-6.8.1-1052-realtime 6.8.1-1052.53~22.04.1 Available with Ubuntu Pro linux-image-aws 6.8.0-1057.60~22.04.1 linux-image-aws-6.8 6.8.0-1057.60~22.04.1 linux-image-aws-64k 6.8.0-1057.60~22.04.1 linux-image-aws-64k-6.8 6.8.0-1057.60~22.04.1 linux-image-gcp 6.8.0-1060.63~22.04.1 linux-image-gcp-6.8 6.8.0-1060.63~22.04.1 linux-image-gcp-64k 6.8.0-1060.63~22.04.1 linux-image-gcp-64k-6.8 6.8.0-1060.63~22.04.1 linux-image-generic-6.8 6.8.0-124.124~22.04.1 linux-image-generic-64k-6.8 6.8.0-124.124~22.04.1 linux-image-generic-64k-hwe-22.04 6.8.0-124.124~22.04.1 linux-image-generic-hwe-22.04 6.8.0-124.124~22.04.1 linux-image-ibm-6.8 6.8.0-1057.58~22.04.1 linux-image-nvidia-6.8 6.8.0-1055.58~22.04.1 linux-image-nvidia-64k-6.8 6.8.0-1055.58~22.04.1 linux-image-nvidia-64k-hwe-22.04 6.8.0-1055.58~22.04.1 linux-image-nvidia-hwe-22.04 6.8.0-1055.58~22.04.1 linux-image-oem-22.04 6.8.0-124.124~22.04.1 linux-image-oem-22.04a 6.8.0-124.124~22.04.1 linux-image-oem-22.04b 6.8.0-124.124~22.04.1 linux-image-oem-22.04c 6.8.0-124.124~22.04.1 linux-image-oem-22.04d 6.8.0-124.124~22.04.1 linux-image-oracle 6.8.0-1054.55~22.04.1 linux-image-oracle-6.8 6.8.0-1054.55~22.04.1 linux-image-oracle-64k 6.8.0-1054.55~22.04.1 linux-image-oracle-64k-6.8 6.8.0-1054.55~22.04.1 linux-image-realtime-6.8.1 6.8.1-1052.53~22.04.1 Available with Ubuntu Pro linux-image-realtime-hwe-22.04 6.8.1-1052.53~22.04.1 Available with Ubuntu Pro linux-image-virtual-6.8 6.8.0-124.124~22.04.1 linux-image-virtual-hwe-22.04 6.8.0-124.124~22.04.1 After a standard system updateyou need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8373-1 CVE-2026-31676, CVE-2026-43284, CVE-2026-43494, CVE-2026-43500, CVE-2026-43503, CVE-2026-45998, CVE-2026-46000, CVE-2026-46300, CVE-2026-46333, CVE-2026-47326, CVE-2026-47327, CVE-2026-47328, CVE-2026-47329, CVE-2026-47330, CVE-2026-47331, CVE-2026-47332, CVE-2026-47333, CVE-2026-47334, CVE-2026-47335, CVE-2026-47336, CVE-2026-47337 Package Information: https://launchpad.net/ubuntu/+source/linux/6.8.0-124.124 https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1057.60 https://launchpad.net/ubuntu/+source/linux-aws-fips/6.8.0-1057.60+fips1 https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1058.64 https://launchpad.net/ubuntu/+source/linux-fips/6.8.0-124.124+fips1 https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1060.63 https://launchpad.net/ubuntu/+source/linux-gcp-fips/6.8.0-1060.63+fips1 https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1055.61 https://launchpad.net/ubuntu/+source/linux-gkeop/6.8.0-1042.45 https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1057.58 https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1055.58 https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1055.58.1 https://launchpad.net/ubuntu/+source/linux-nvidia-tegra/6.8.0-1026.26 https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1054.55 https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1057.61 https://launchpad.net/ubuntu/+source/linux-raspi-realtime/6.8.0-2046.47 https://launchpad.net/ubuntu/+source/linux-realtime/6.8.1-1052.53 https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1057.60~22.04.1 https://launchpad.net/ubuntu/+source/linux-gcp-6.8/6.8.0-1060.63~22.04.1 https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-124.124~22.04.1 https://launchpad.net/ubuntu/+source/linux-ibm-6.8/6.8.0-1057.58~22.04.1 https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1055.58~22.04.1 https://launchpad.net/ubuntu/+source/linux-oracle-6.8/6.8.0-1054.55~22.04.1 https://launchpad.net/ubuntu/+source/linux-realtime-6.8/6.8.1-1052.53~22.04.1 . Critical security issues in Ubuntu's Linux kernel require immediate attention to prevent exploitation and system compromise.. Ubuntu kernel updates, Linux security, privilege escalation, memory management issues. . Severity: Critical. LinuxSecurity.com Team
Jun 02, 2026
•Critical
Ubuntu
172
security advisoryUbuntumemory leakUbuntu 25.10 24.04 LTS Linux Kernel Security Fixes USN-8371-1
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-8371-1 June 02, 2026 linux, linux-aws, linux-azure, linux-azure-6.17, linux-hwe-6.17, linux-nvidia-6.17, linux-oem-6.17, linux-oracle, linux-oracle-6.17, linux-raspi, linux-realtime, linux-realtime-6.17 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems - linux-realtime: Linux kernel for Real-time systems - linux-azure-6.17: Linux kernel for Microsoft Azure cloud systems - linux-hwe-6.17: Linux hardware enablement (HWE) kernel - linux-nvidia-6.17: Linux kernel for NVIDIA systems - linux-oem-6.17: Linux kernel for OEM systems - linux-oracle-6.17: Linux kernel for Oracle Cloud systems - linux-realtime-6.17: Linux kernel for Real-time systems Details: It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300) Qualysdiscovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contain a memory leak when handling AppArmor notifications. A local attacker could use this to cause resource exhaustion. (CVE-2026-47326) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contain a NULL pointer dereference when handling AppArmor notifications. A local attacker could use this to cause a kernel oops. (CVE-2026-47327) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained an invalid free when handling AppArmor notifications. A local attacker could use this to corrupt kernel memory. (CVE-2026-47328) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained insufficient validation of AppArmor notification responses. A local attacker could use this to allow crafted responses to be processed. (CVE-2026-47329) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 used an uninitialized variable when handling AppArmor notifications. A local attacker could use this to cause incorrect caching of data. (CVE-2026-47330) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained an out-of-bounds (OOB) read when handling AppArmor notifications. A local attacker could use this to cause information disclosure of kernel memory. (CVE-2026-47332) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a out-of-bounds (OOB) read when handling AppArmor notifications. A local attacker could use this to cause kernel memory corruption and, theoretically, influence processing of AppArmor policies. (CVE-2026-47333) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained incorrect holding of locks when handling AppArmor notifications. A local attacker could use this to cause a kernelpanic or deadlock. (CVE-2026-47334) Tristan Madani and Trevor Lawrence have each independently discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a NULL pointer dereference when handling AppArmor network socket mediation. A local attacker could use this to cause a kernel oops. (CVE-2026-47337) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RDS protocol; - RxRPC session sockets; (CVE-2026-31676, CVE-2026-43494) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 linux-image-6.17.0-1014-realtime 6.17.0-1014.16 linux-image-6.17.0-1016-oracle 6.17.0-1016.16 linux-image-6.17.0-1016-oracle-64k 6.17.0-1016.16 linux-image-6.17.0-1017-aws 6.17.0-1017.17 linux-image-6.17.0-1017-aws-64k 6.17.0-1017.17 linux-image-6.17.0-1017-azure 6.17.0-1017.17 linux-image-6.17.0-1018-raspi 6.17.0-1018.18 linux-image-6.17.0-35-generic 6.17.0-35.35 linux-image-6.17.0-35-generic-64k 6.17.0-35.35 linux-image-aws 6.17.0-1017.17 linux-image-aws-6.17 6.17.0-1017.17 linux-image-aws-64k 6.17.0-1017.17 linux-image-aws-64k-6.17 6.17.0-1017.17 linux-image-azure 6.17.0-1017.17 linux-image-azure-6.17 6.17.0-1017.17 linux-image-generic 6.17.0-35.35 linux-image-generic-6.17 6.17.0-35.35 linux-image-generic-64k 6.17.0-35.35 linux-image-generic-64k-6.17 6.17.0-35.35 linux-image-oracle 6.17.0-1016.16 linux-image-oracle-6.17 6.17.0-1016.16 linux-image-oracle-64k 6.17.0-1016.16 linux-image-oracle-64k-6.17 6.17.0-1016.16 linux-image-raspi 6.17.0-1018.18 linux-image-raspi-6.17 6.17.0-1018.18 linux-image-realtime 6.17.0-1014.16 linux-image-realtime-6.17 6.17.0-1014.16 linux-image-virtual 6.17.0-35.35 linux-image-virtual-6.17 6.17.0-35.35 Ubuntu 24.04 LTS linux-image-6.17.0-1014-realtime 6.17.0-1014.16~24.04.1 Available with Ubuntu Pro linux-image-6.17.0-1016-oracle 6.17.0-1016.16~24.04.1 linux-image-6.17.0-1016-oracle-64k 6.17.0-1016.16~24.04.1 linux-image-6.17.0-1017-azure 6.17.0-1017.17~24.04.1 linux-image-6.17.0-1021-nvidia 6.17.0-1021.21 linux-image-6.17.0-1021-nvidia-64k 6.17.0-1021.21 linux-image-6.17.0-1024-oem 6.17.0-1024.24 linux-image-6.17.0-35-generic 6.17.0-35.35~24.04.1 linux-image-6.17.0-35-generic-64k 6.17.0-35.35~24.04.1 linux-image-azure 6.17.0-1017.17~24.04.1 linux-image-azure-6.17 6.17.0-1017.17~24.04.1 linux-image-generic-6.17 6.17.0-35.35~24.04.1 linux-image-generic-64k-6.17 6.17.0-35.35~24.04.1 linux-image-generic-64k-hwe-24.04 6.17.0-35.35~24.04.1 linux-image-generic-hwe-24.04 6.17.0-35.35~24.04.1 linux-image-nvidia-6.17 6.17.0-1021.21 linux-image-nvidia-64k-6.17 6.17.0-1021.21 linux-image-nvidia-64k-hwe-24.04 6.17.0-1021.21 linux-image-nvidia-hwe-24.04 6.17.0-1021.21 linux-image-oem-24.04 6.17.0-1024.24 linux-image-oem-24.04a 6.17.0-1024.24 linux-image-oem-24.04b 6.17.0-1024.24 linux-image-oem-24.04c 6.17.0-1024.24 linux-image-oem-24.04d 6.17.0-1024.24 linux-image-oem-6.17 6.17.0-1024.24 linux-image-oracle 6.17.0-1016.16~24.04.1 linux-image-oracle-6.17 6.17.0-1016.16~24.04.1 linux-image-oracle-64k 6.17.0-1016.16~24.04.1 linux-image-oracle-64k-6.17 6.17.0-1016.16~24.04.1 linux-image-realtime-6.17 6.17.0-1014.16~24.04.1 Available with Ubuntu Pro linux-image-realtime-hwe-24.04 6.17.0-1014.16~24.04.1 Available with Ubuntu Pro linux-image-virtual-6.17 6.17.0-35.35~24.04.1 linux-image-virtual-hwe-24.04 6.17.0-35.35~24.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8371-1 CVE-2026-31676, CVE-2026-43284, CVE-2026-43494, CVE-2026-43500, CVE-2026-43503, CVE-2026-45998, CVE-2026-46000, CVE-2026-46300, CVE-2026-46333, CVE-2026-47326, CVE-2026-47327, CVE-2026-47328, CVE-2026-47329, CVE-2026-47330, CVE-2026-47332, CVE-2026-47333, CVE-2026-47334, CVE-2026-47337 Package Information: https://launchpad.net/ubuntu/+source/linux/6.17.0-35.35 https://launchpad.net/ubuntu/+source/linux-aws/6.17.0-1017.17 https://launchpad.net/ubuntu/+source/linux-azure/6.17.0-1017.17 https://launchpad.net/ubuntu/+source/linux-oracle/6.17.0-1016.16 https://launchpad.net/ubuntu/+source/linux-raspi/6.17.0-1018.18 https://launchpad.net/ubuntu/+source/linux-realtime/6.17.0-1014.16 https://launchpad.net/ubuntu/+source/linux-azure-6.17/6.17.0-1017.17~24.04.1 https://launchpad.net/ubuntu/+source/linux-hwe-6.17/6.17.0-35.35~24.04.1 https://launchpad.net/ubuntu/+source/linux-nvidia-6.17/6.17.0-1021.21 https://launchpad.net/ubuntu/+source/linux-oem-6.17/6.17.0-1024.24 https://launchpad.net/ubuntu/+source/linux-oracle-6.17/6.17.0-1016.16~24.04.1 https://launchpad.net/ubuntu/+source/linux-realtime-6.17/6.17.0-1014.16~24.04.1 . Urgent updates for Ubuntu users address multiple flaws in the Linux kernel impacting security and stability.. Linux Kernel Updates, Ubuntu Security Fixes, Privilege Escalation, Memory Management Issues,Local Attacker Risks. . Severity: Critical. LinuxSecurity.com Team
Jun 02, 2026
•Critical
Ubuntu
172
security advisoryprivilege escalationUbuntuUbuntu 26.04 LTS Major Privilege Escalation Vulnerabilities USN-8370-1
Several security issues were fixed in the Linux kernel.. ========================================================================== Ubuntu Security Notice USN-8370-1 June 02, 2026 linux, linux-aws, linux-gcp, linux-ibm, linux-nvidia, linux-oracle, linux-raspi, linux-realtime vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-ibm: Linux kernel for IBM cloud systems - linux-nvidia: Linux kernel for NVIDIA systems - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems - linux-realtime: Linux kernel for Real-time systems Details: It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300) Qualys discovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contain a memory leak when handling AppArmornotifications. A local attacker could use this to cause resource exhaustion. (CVE-2026-47326) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contain a NULL pointer dereference when handling AppArmor notifications. A local attacker could use this to cause a kernel oops. (CVE-2026-47327) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained an invalid free when handling AppArmor notifications. A local attacker could use this to corrupt kernel memory. (CVE-2026-47328) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained insufficient validation of AppArmor notification responses. A local attacker could use this to allow crafted responses to be processed. (CVE-2026-47329) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 used an uninitialized variable when handling AppArmor notifications. A local attacker could use this to cause incorrect caching of data. (CVE-2026-47330) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained an out-of-bounds (OOB) read when handling AppArmor notifications. A local attacker could use this to cause information disclosure of kernel memory. (CVE-2026-47332) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a out-of-bounds (OOB) read when handling AppArmor notifications. A local attacker could use this to cause kernel memory corruption and, theoretically, influence processing of AppArmor policies. (CVE-2026-47333) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained incorrect holding of locks when handling AppArmor notifications. A local attacker could use this to cause a kernel panic or deadlock. (CVE-2026-47334) Tristan Madani and Trevor Lawrence have each independently discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a NULL pointer dereference when handling AppArmor network socket mediation. A local attacker could use this to cause a kernel oops. (CVE-2026-47337) A security issue wasdiscovered in the Linux kernel. An attacker could possibly use this to compromise the system. This update corrects flaws in the following subsystem: - RDS protocol; (CVE-2026-43494) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS linux-image-7.0.0-1005-gcp 7.0.0-1005.5 linux-image-7.0.0-1005-gcp-64k 7.0.0-1005.5 linux-image-7.0.0-1005-oracle 7.0.0-1005.5 linux-image-7.0.0-1005-oracle-64k 7.0.0-1005.5 linux-image-7.0.0-1006-aws 7.0.0-1006.6 linux-image-7.0.0-1006-aws-64k 7.0.0-1006.6 linux-image-7.0.0-1007-ibm 7.0.0-1007.7 linux-image-7.0.0-1009-nvidia 7.0.0-1009.9 linux-image-7.0.0-1009-nvidia-64k 7.0.0-1009.9 linux-image-7.0.0-1011-raspi 7.0.0-1011.11 linux-image-7.0.0-1011-raspi-realtime 7.0.0-1011.11 linux-image-7.0.0-22-generic 7.0.0-22.22 linux-image-7.0.0-22-generic-64k 7.0.0-22.22 linux-image-7.0.0-22-realtime 7.0.0-22.22.1 linux-image-7.0.0-22-realtime-64k 7.0.0-22.22.1 linux-image-aws 7.0.0-1006.6 linux-image-aws-64k 7.0.0-1006.6 linux-image-aws-64k-7.0 7.0.0-1006.6 linux-image-aws-7.0 7.0.0-1006.6 linux-image-gcp 7.0.0-1005.5 linux-image-gcp-64k 7.0.0-1005.5 linux-image-gcp-64k-7.0 7.0.0-1005.5 linux-image-gcp-7.0 7.0.0-1005.5 linux-image-generic 7.0.0-22.22 linux-image-generic-64k 7.0.0-22.22 linux-image-generic-64k-7.0 7.0.0-22.22 linux-image-generic-64k-hwe-26.04 7.0.0-22.22 linux-image-generic-7.0 7.0.0-22.22 linux-image-generic-hwe-26.04 7.0.0-22.22 linux-image-ibm 7.0.0-1007.7 linux-image-ibm-7.0 7.0.0-1007.7 linux-image-nvidia 7.0.0-1009.9 linux-image-nvidia-64k 7.0.0-1009.9 linux-image-nvidia-64k-7.0 7.0.0-1009.9 linux-image-nvidia-7.0 7.0.0-1009.9 linux-image-oracle 7.0.0-1005.5 linux-image-oracle-64k 7.0.0-1005.5 linux-image-oracle-64k-7.0 7.0.0-1005.5 linux-image-oracle-7.0 7.0.0-1005.5 linux-image-raspi 7.0.0-1011.11 linux-image-raspi-7.0 7.0.0-1011.11 linux-image-raspi-realtime 7.0.0-1011.11 linux-image-raspi-realtime-7.0 7.0.0-1011.11 linux-image-realtime 7.0.0-22.22.1 linux-image-realtime-64k 7.0.0-22.22.1 linux-image-realtime-64k-7.0 7.0.0-22.22.1 linux-image-realtime-64k-hwe-26.04 7.0.0-22.22.1 linux-image-realtime-7.0 7.0.0-22.22.1 linux-image-realtime-hwe-26.04 7.0.0-22.22.1 linux-image-virtual 7.0.0-22.22 linux-image-virtual-7.0 7.0.0-22.22 linux-image-virtual-hwe-26.04 7.0.0-22.22 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8370-1 CVE-2026-43284, CVE-2026-43494, CVE-2026-43500, CVE-2026-43503, CVE-2026-45998, CVE-2026-46000, CVE-2026-46300, CVE-2026-46333, CVE-2026-47326, CVE-2026-47327, CVE-2026-47328, CVE-2026-47329, CVE-2026-47330, CVE-2026-47332, CVE-2026-47333, CVE-2026-47334, CVE-2026-47337 Package Information: https://launchpad.net/ubuntu/+source/linux/7.0.0-22.22 https://launchpad.net/ubuntu/+source/linux-aws/7.0.0-1006.6 https://launchpad.net/ubuntu/+source/linux-gcp/7.0.0-1005.5 https://launchpad.net/ubuntu/+source/linux-ibm/7.0.0-1007.7 https://launchpad.net/ubuntu/+source/linux-nvidia/7.0.0-1009.9 https://launchpad.net/ubuntu/+source/linux-oracle/7.0.0-1005.5 https://launchpad.net/ubuntu/+source/linux-raspi/7.0.0-1011.11 https://launchpad.net/ubuntu/+source/linux-realtime/7.0.0-22.22.1 . Address critical Linux kernel issues affecting Ubuntu 26.04 LTS. Tackle local privilege escalation risks today.. Linux kernel, Ubuntu security, memory leak fixes, privilege escalation, system vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
Jun 02, 2026
•Critical
Ubuntu
100
security advisorySuSEimportantSUSE Wireshark Important Security Updates CVE-2026-5401 to CVE-2026-7379
An update that solves 29 vulnerabilities can now be installed.. # Security update for wireshark Announcement ID: SUSE-SU-2026:2203-1 Release Date: 2026-06-01T10:03:24Z Rating: important References: * bsc#1263725 * bsc#1263726 * bsc#1263727 * bsc#1263728 * bsc#1263731 * bsc#1263732 * bsc#1263734 * bsc#1263736 * bsc#1263737 * bsc#1263739 * bsc#1263740 * bsc#1263742 * bsc#1263743 * bsc#1263744 * bsc#1263745 * bsc#1263746 * bsc#1263747 * bsc#1263750 * bsc#1263752 * bsc#1263753 * bsc#1263754 * bsc#1263756 * bsc#1263758 * bsc#1263759 * bsc#1263762 * bsc#1263765 * bsc#1263766 * bsc#1263767 * bsc#1263809 Cross-References: * CVE-2026-5401 * CVE-2026-5403 * CVE-2026-5404 * CVE-2026-5405 * CVE-2026-5406 * CVE-2026-5407 * CVE-2026-5408 * CVE-2026-5653 * CVE-2026-5656 * CVE-2026-5657 * CVE-2026-6519 * CVE-2026-6520 * CVE-2026-6521 * CVE-2026-6522 * CVE-2026-6523 * CVE-2026-6526 * CVE-2026-6527 * CVE-2026-6529 * CVE-2026-6530 * CVE-2026-6532 * CVE-2026-6534 * CVE-2026-6535 * CVE-2026-6538 * CVE-2026-6867 * CVE-2026-6868 * CVE-2026-6869 * CVE-2026-6870 * CVE-2026-7378 * CVE-2026-7379 CVSS scores: * CVE-2026-5401 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5401 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5403 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5403 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5404 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5404 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5404 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5405 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5405 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5406 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5406 ( NVD ): 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5407 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5407 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5408 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5408 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5653 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5653 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-5653 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5656 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-5656 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5656 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-5657 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5657 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-5657 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6519 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6519 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6519 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6520 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6520 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6520 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6521 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6521 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6522 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6522 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6523 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6523 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6526 ( SUSE ): 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6526 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6527 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6527 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6529 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6529 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6530 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6530 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6532 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6532 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6534 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6534 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6535 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6535 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6538 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6538 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6867 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6867 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6868 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6868 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6868 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-6869 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6869 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6870 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-6870 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-7378 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-7378 ( NVD ): 5.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-7378 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-7379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-7379 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-7379 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 29 vulnerabilities can now be installed. ## Description: This update for wireshark fixes the following issues * CVE-2026-5401: AFP dissector crash (bsc#1263756). * CVE-2026-5403: SBC audio codec crash (bsc#1263765). * CVE-2026-5404: K12 RF5 file parser crash (bsc#1263766). * CVE-2026-5405: RDP dissector crash (bsc#1263767). * CVE-2026-5406: FC-SWILS dissector crash (bsc#1263754). * CVE-2026-5407: SMB2 dissector infinite loop (bsc#1263753). * CVE-2026-5408: BT-DHT dissector crash (bsc#1263752). * CVE-2026-5653: DCP-ETSI dissector crash (bsc#1263750). * CVE-2026-5656: Profile import crash and possible code execution (bsc#1263809). * CVE-2026-5657: iLBC audio codec crash (bsc#1263747). * CVE-2026-6519: MBIM protocol dissector infinite loop (bsc#1263746). * CVE-2026-6520: OpenFlow v6 protocol dissector infinite loop (bsc#1263745). * CVE-2026-6521: OpenFlow v5 protocol dissector infinite loops (bsc#1263744). *CVE-2026-6522: RPKI-Router protocol dissector infinite loop (bsc#1263743). * CVE-2026-6523: GNW protocol dissector infinite loop (bsc#1263742). * CVE-2026-6526: RTSP protocol dissector crash (bsc#1263740). * CVE-2026-6527: ASN.1 PER dissector crash (bsc#1263739). * CVE-2026-6529: iLBC audio codec crash (bsc#1263737). * CVE-2026-6530: DCP-ETSI protocol dissector crash (bsc#1263736). * CVE-2026-6532: Kismet protocol dissector crash (bsc#1263734). * CVE-2026-6534: USB HID dissector infinite loop (bsc#1263732). * CVE-2026-6535: Dissection engine zlib decompression crash (bsc#1263731). * CVE-2026-6538: BEEP dissector crash (bsc#1263728). * CVE-2026-6867: SMB2 protocol dissector crash (bsc#1263727). * CVE-2026-6868: HTTP protocol dissector crash (bsc#1263762). * CVE-2026-6869: WebSocket protocol dissector crash (bsc#1263726). * CVE-2026-6870: GSM RP protocol dissector crash (bsc#1263725). * CVE-2026-7378: Sharkd utility crash (bsc#1263759). * CVE-2026-7379: Sharkd utility memory leak (bsc#1263758). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2203=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2203=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2203=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2203=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2203=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2203=1 * SUSE Linux EnterpriseServer for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2203=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2203=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * libwiretap12-debuginfo-3.6.24-150000.3.133.1 * wireshark-debuginfo-3.6.24-150000.3.133.1 * wireshark-devel-3.6.24-150000.3.133.1 * wireshark-ui-qt-3.6.24-150000.3.133.1 * libwireshark15-3.6.24-150000.3.133.1 * libwsutil13-3.6.24-150000.3.133.1 * wireshark-3.6.24-150000.3.133.1 * libwsutil13-debuginfo-3.6.24-150000.3.133.1 * wireshark-debugsource-3.6.24-150000.3.133.1 * libwireshark15-debuginfo-3.6.24-150000.3.133.1 * wireshark-ui-qt-debuginfo-3.6.24-150000.3.133.1 * libwiretap12-3.6.24-150000.3.133.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * libwiretap12-debuginfo-3.6.24-150000.3.133.1 * wireshark-debuginfo-3.6.24-150000.3.133.1 * libwireshark15-3.6.24-150000.3.133.1 * wireshark-devel-3.6.24-150000.3.133.1 * wireshark-ui-qt-3.6.24-150000.3.133.1 * libwsutil13-3.6.24-150000.3.133.1 * wireshark-3.6.24-150000.3.133.1 * libwsutil13-debuginfo-3.6.24-150000.3.133.1 * wireshark-debugsource-3.6.24-150000.3.133.1 * libwireshark15-debuginfo-3.6.24-150000.3.133.1 * wireshark-ui-qt-debuginfo-3.6.24-150000.3.133.1 * libwiretap12-3.6.24-150000.3.133.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * libwiretap12-debuginfo-3.6.24-150000.3.133.1 * wireshark-debuginfo-3.6.24-150000.3.133.1 * libwireshark15-3.6.24-150000.3.133.1 * wireshark-devel-3.6.24-150000.3.133.1 * wireshark-ui-qt-3.6.24-150000.3.133.1 * libwsutil13-3.6.24-150000.3.133.1 * wireshark-3.6.24-150000.3.133.1 * libwsutil13-debuginfo-3.6.24-150000.3.133.1 * wireshark-debugsource-3.6.24-150000.3.133.1 *libwireshark15-debuginfo-3.6.24-150000.3.133.1 * wireshark-ui-qt-debuginfo-3.6.24-150000.3.133.1 * libwiretap12-3.6.24-150000.3.133.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * libwiretap12-debuginfo-3.6.24-150000.3.133.1 * wireshark-debuginfo-3.6.24-150000.3.133.1 * libwireshark15-3.6.24-150000.3.133.1 * wireshark-devel-3.6.24-150000.3.133.1 * wireshark-ui-qt-3.6.24-150000.3.133.1 * libwsutil13-3.6.24-150000.3.133.1 * wireshark-3.6.24-150000.3.133.1 * libwsutil13-debuginfo-3.6.24-150000.3.133.1 * wireshark-debugsource-3.6.24-150000.3.133.1 * libwireshark15-debuginfo-3.6.24-150000.3.133.1 * wireshark-ui-qt-debuginfo-3.6.24-150000.3.133.1 * libwiretap12-3.6.24-150000.3.133.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * libwiretap12-debuginfo-3.6.24-150000.3.133.1 * wireshark-debuginfo-3.6.24-150000.3.133.1 * libwireshark15-3.6.24-150000.3.133.1 * wireshark-devel-3.6.24-150000.3.133.1 * wireshark-ui-qt-3.6.24-150000.3.133.1 * libwsutil13-3.6.24-150000.3.133.1 * wireshark-3.6.24-150000.3.133.1 * libwsutil13-debuginfo-3.6.24-150000.3.133.1 * wireshark-debugsource-3.6.24-150000.3.133.1 * libwireshark15-debuginfo-3.6.24-150000.3.133.1 * wireshark-ui-qt-debuginfo-3.6.24-150000.3.133.1 * libwiretap12-3.6.24-150000.3.133.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libwiretap12-debuginfo-3.6.24-150000.3.133.1 * wireshark-debuginfo-3.6.24-150000.3.133.1 * libwireshark15-3.6.24-150000.3.133.1 * wireshark-devel-3.6.24-150000.3.133.1 * wireshark-ui-qt-3.6.24-150000.3.133.1 * libwsutil13-3.6.24-150000.3.133.1 * wireshark-3.6.24-150000.3.133.1 * libwsutil13-debuginfo-3.6.24-150000.3.133.1 * wireshark-debugsource-3.6.24-150000.3.133.1 * libwireshark15-debuginfo-3.6.24-150000.3.133.1 * wireshark-ui-qt-debuginfo-3.6.24-150000.3.133.1 *libwiretap12-3.6.24-150000.3.133.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libwiretap12-debuginfo-3.6.24-150000.3.133.1 * wireshark-debuginfo-3.6.24-150000.3.133.1 * libwireshark15-3.6.24-150000.3.133.1 * wireshark-devel-3.6.24-150000.3.133.1 * wireshark-ui-qt-3.6.24-150000.3.133.1 * libwsutil13-3.6.24-150000.3.133.1 * wireshark-3.6.24-150000.3.133.1 * libwsutil13-debuginfo-3.6.24-150000.3.133.1 * wireshark-debugsource-3.6.24-150000.3.133.1 * libwireshark15-debuginfo-3.6.24-150000.3.133.1 * wireshark-ui-qt-debuginfo-3.6.24-150000.3.133.1 * libwiretap12-3.6.24-150000.3.133.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * libwiretap12-debuginfo-3.6.24-150000.3.133.1 * wireshark-debuginfo-3.6.24-150000.3.133.1 * libwireshark15-3.6.24-150000.3.133.1 * wireshark-devel-3.6.24-150000.3.133.1 * wireshark-ui-qt-3.6.24-150000.3.133.1 * libwsutil13-3.6.24-150000.3.133.1 * wireshark-3.6.24-150000.3.133.1 * libwsutil13-debuginfo-3.6.24-150000.3.133.1 * wireshark-debugsource-3.6.24-150000.3.133.1 * libwireshark15-debuginfo-3.6.24-150000.3.133.1 * wireshark-ui-qt-debuginfo-3.6.24-150000.3.133.1 * libwiretap12-3.6.24-150000.3.133.1 ## References: * https://www.suse.com/security/cve/CVE-2026-5401.html * https://www.suse.com/security/cve/CVE-2026-5403.html * https://www.suse.com/security/cve/CVE-2026-5404.html * https://www.suse.com/security/cve/CVE-2026-5405.html * https://www.suse.com/security/cve/CVE-2026-5406.html * https://www.suse.com/security/cve/CVE-2026-5407.html * https://www.suse.com/security/cve/CVE-2026-5408.html * https://www.suse.com/security/cve/CVE-2026-5653.html * https://www.suse.com/security/cve/CVE-2026-5656.html * https://www.suse.com/security/cve/CVE-2026-5657.html * https://www.suse.com/security/cve/CVE-2026-6519.html * https://www.suse.com/security/cve/CVE-2026-6520.html *https://www.suse.com/security/cve/CVE-2026-6521.html * https://www.suse.com/security/cve/CVE-2026-6522.html * https://www.suse.com/security/cve/CVE-2026-6523.html * https://www.suse.com/security/cve/CVE-2026-6526.html * https://www.suse.com/security/cve/CVE-2026-6527.html * https://www.suse.com/security/cve/CVE-2026-6529.html * https://www.suse.com/security/cve/CVE-2026-6530.html * https://www.suse.com/security/cve/CVE-2026-6532.html * https://www.suse.com/security/cve/CVE-2026-6534.html * https://www.suse.com/security/cve/CVE-2026-6535.html * https://www.suse.com/security/cve/CVE-2026-6538.html * https://www.suse.com/security/cve/CVE-2026-6867.html * https://www.suse.com/security/cve/CVE-2026-6868.html * https://www.suse.com/security/cve/CVE-2026-6869.html * https://www.suse.com/security/cve/CVE-2026-6870.html * https://www.suse.com/security/cve/CVE-2026-7378.html * https://www.suse.com/security/cve/CVE-2026-7379.html * https://bugzilla.suse.com/show_bug.cgi?id=1263725 * https://bugzilla.suse.com/show_bug.cgi?id=1263726 * https://bugzilla.suse.com/show_bug.cgi?id=1263727 * https://bugzilla.suse.com/show_bug.cgi?id=1263728 * https://bugzilla.suse.com/show_bug.cgi?id=1263731 * https://bugzilla.suse.com/show_bug.cgi?id=1263732 * https://bugzilla.suse.com/show_bug.cgi?id=1263734 * https://bugzilla.suse.com/show_bug.cgi?id=1263736 * https://bugzilla.suse.com/show_bug.cgi?id=1263737 * https://bugzilla.suse.com/show_bug.cgi?id=1263739 * https://bugzilla.suse.com/show_bug.cgi?id=1263740 * https://bugzilla.suse.com/show_bug.cgi?id=1263742 * https://bugzilla.suse.com/show_bug.cgi?id=1263743 * https://bugzilla.suse.com/show_bug.cgi?id=1263744 * https://bugzilla.suse.com/show_bug.cgi?id=1263745 * https://bugzilla.suse.com/show_bug.cgi?id=1263746 * https://bugzilla.suse.com/show_bug.cgi?id=1263747 * https://bugzilla.suse.com/show_bug.cgi?id=1263750 * https://bugzilla.suse.com/show_bug.cgi?id=1263752 * https://bugzilla.suse.com/show_bug.cgi?id=1263753 * https://bugzilla.suse.com/show_bug.cgi?id=1263754 * https://bugzilla.suse.com/show_bug.cgi?id=1263756 * https://bugzilla.suse.com/show_bug.cgi?id=1263758 * https://bugzilla.suse.com/show_bug.cgi?id=1263759 * https://bugzilla.suse.com/show_bug.cgi?id=1263762 * https://bugzilla.suse.com/show_bug.cgi?id=1263765 * https://bugzilla.suse.com/show_bug.cgi?id=1263766 * https://bugzilla.suse.com/show_bug.cgi?id=1263767 * https://bugzilla.suse.com/show_bug.cgi?id=1263809 . SUSE has released an updated version of Wireshark to tackle 29 significant vulnerabilities, boosting overall system security and protection. wireshark security update, SUSE vulnerabilities, wireshark issues, important security patch. . Severity: Important. LinuxSecurity.com Team
Jun 01, 2026
•Important
SuSE
202
security advisorymoderateheap overflowopenSUSE perl-YAML-Syck Moderate Security Update 2026-0180-1
An update that fixes two vulnerabilities is now available.. openSUSE Security Update: Security update for perl-YAML-Syck ______________________________________________________________________________ Announcement ID: openSUSE-SU-2026:0180-1 Rating: moderate References: #1252111 #1259757 Cross-References: CVE-2025-11683 CVE-2026-4177 CVSS scores: CVE-2025-11683 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Backports SLE-15-SP7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for perl-YAML-Syck fixes the following issues: updated to 1.450.0 (1.45) see /usr/share/doc/packages/perl-YAML-Syck/Changes * 1.45 Apr 23 2026 [Bug Fixes] - Fix: use syck_base64_free() to fix Windows "Free to wrong pool" crash in base64 encode/decode buffers; also plugs a memory leak (PR #189) - Fix: clear type tag on blessed scalar alias early-return so the stale tag no longer leaks onto the next emitted item (GH #193, PR #194) - Fix: negative float#base60 values produce wrong results; strip sign before accumulating and avoid negative zero for portable stringification (PR #191) - Fix: prevent memory leaks when Load/LoadJSON croak on parse errors (PR #192) [Maintenance] - Test: add coverage for SortKeys and JSON MaxDepth (PR #188) - Test: add error handling coverage for LoadFile/DumpFile (PR #190) - Update README updated to 1.440.0 (1.44) see /usr/share/doc/packages/perl-YAML-Syck/Changes * 1.44 Apr 02 2026 [Bug Fixes] - Fix: positive hex and octal values parsed as 0 with ImplicitTyping (PR #187) - Fix: resolve uintptr_t redefinition error on Win64 MinGW (PR #186) * 1.43 Apr 01 2026 [Bug Fixes] - Fix: preventresource leaks on croak/early-return paths in Dump (PR #161) - Fix: prevent output SV leaks on croak in Dump/DumpFile callers (PR #163) - Fix: Load() in list context returns empty list for empty/undef input; also applies to LoadBytes and LoadUTF8 (GH #164, PR #165) - Fix: DumpCode serializes prototype string instead of code body (PR #168) - Fix: memory leak in !perl/scalar Load newRV_inc should be newRV_noinc (PR #170) - Fix: add pTHX_ to SAVEDESTRUCTOR_X callback for threaded Perl (GH #175, PR #176) - Fix: add TODO guard for eval_pv leak on Perl < 5.14 (GH #179, PR #180) - Fix: negative hex and octal values parsed as 0 with ImplicitTyping (PR #183) - Fix: negative int#base60 values produce unsigned wraparound (PR #185) [Improvements] - Modernize META_MERGE for CPANTS compliance (PR #162) - Fix hash table size handling and remove compile warnings in syck_st (PR #174) [Maintenance] - Restore TODO guard for Dump code leak test on Perl < 5.26 (PR #167) - Resolve 2010 TODO in perl_json_postprocess with test coverage (PR #166) - CI: upgrade actions to resolve Node.js 20 deprecation warnings (PR #177) * 1.42 Mar 27 2026 [Bug Fixes] - Fix: replace strtok() with strpbrk() and fix sign-compare warnings in perl_syck.h (PR #145) - Fix: terminate plain scalars at document boundaries --- and ... (PR #150) - Fix: skip %TAG and %YAML directives in document header (PR #151) - Fix: plug SV leak when eval_pv croaks on bad perl/code blocks (PR #153) - Fix: allow non-specific tag '!' before block scalars (GH #27, PR #102) - Fix: remove spurious %type for indent_open in gram.y (GH #157, PR #158) - Fix: use modern bison %define api.prefix directive (GH #159, PR #160) [Improvements] - Implement YAML mergekey (
May 30, 2026
•moderate
OpenSUSE
217
security advisorysecurity issueimportantOracle Linux 8 ELSA-2026-50275 Kernel Important Security Update
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-50275 http://linux.oracle.com/errata/ELSA-2026-50275.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-5.15.0-318.199.3.6.el8uek.x86_64.rpm kernel-uek-5.15.0-318.199.3.6.el8uek.x86_64.rpm kernel-uek-core-5.15.0-318.199.3.6.el8uek.x86_64.rpm kernel-uek-debug-5.15.0-318.199.3.6.el8uek.x86_64.rpm kernel-uek-debug-core-5.15.0-318.199.3.6.el8uek.x86_64.rpm kernel-uek-debug-devel-5.15.0-318.199.3.6.el8uek.x86_64.rpm kernel-uek-debug-modules-5.15.0-318.199.3.6.el8uek.x86_64.rpm kernel-uek-debug-modules-extra-5.15.0-318.199.3.6.el8uek.x86_64.rpm kernel-uek-devel-5.15.0-318.199.3.6.el8uek.x86_64.rpm kernel-uek-doc-5.15.0-318.199.3.6.el8uek.noarch.rpm kernel-uek-modules-5.15.0-318.199.3.6.el8uek.x86_64.rpm kernel-uek-modules-extra-5.15.0-318.199.3.6.el8uek.x86_64.rpm kernel-uek-container-5.15.0-318.199.3.6.el8uek.x86_64.rpm kernel-uek-container-debug-5.15.0-318.199.3.6.el8uek.x86_64.rpm aarch64: bpftool-5.15.0-318.199.3.6.el8uek.aarch64.rpm kernel-uek-5.15.0-318.199.3.6.el8uek.aarch64.rpm kernel-uek-core-5.15.0-318.199.3.6.el8uek.aarch64.rpm kernel-uek-debug-5.15.0-318.199.3.6.el8uek.aarch64.rpm kernel-uek-debug-core-5.15.0-318.199.3.6.el8uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-318.199.3.6.el8uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-318.199.3.6.el8uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-318.199.3.6.el8uek.aarch64.rpm kernel-uek-devel-5.15.0-318.199.3.6.el8uek.aarch64.rpm kernel-uek-doc-5.15.0-318.199.3.6.el8uek.noarch.rpm kernel-uek-modules-5.15.0-318.199.3.6.el8uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-318.199.3.6.el8uek.aarch64.rpm kernel-uek-container-5.15.0-318.199.3.6.el8uek.aarch64.rpm kernel-uek-container-debug-5.15.0-318.199.3.6.el8uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-318.199.3.6.el8uek.src.rpm RelatedCVEs: CVE-2025-54518 CVE-2026-23193 CVE-2026-23216 CVE-2026-31431 CVE-2026-43284 Description of changes: [5.15.0-318.199.3.6] - xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman) [Orabug: 39368252] {CVE-2026-43284} - xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39368252] {CVE-2026-43284} - x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39368491] {CVE-2025-54518} [5.15.0-318.199.3.5] - crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39312618] - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39312618] - crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39312618] - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39312618] - crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39312618] - crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39312618] - crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39312618] {CVE-2026-31431} - crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39312618] - crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39312618] - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 39312608] {CVE-2026-23216} - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 39312602] {CVE-2026-23193} [5.15.0-318.199.3.4] - KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Sean Christopherson) [Orabug: 39150890] - vfio: Adapt to upstream uAPI for VFIO_PRECOPY_INFO_REINIT (Maciej S. Szmigiero) [Orabug: 39150887] [5.15.0-318.199.3.3] - vfio/mlx5: Add REINIT support to VFIO_MIG_GET_PRECOPY_INFO (Yishai Hadas) [Orabug: 39110129] - vfio/mlx5: consider inflight SAVE during PRE_COPY(Yishai Hadas) [Orabug: 39110129] - net/mlx5: Add IFC bits for migration state (Yishai Hadas) [Orabug: 39110129] - vfio: Adapt drivers to use the core helper vfio_check_precopy_ioctl (Yishai Hadas) [Orabug: 39110129] - vfio: Add support for VFIO_DEVICE_FEATURE_MIG_PRECOPY_INFOv2 (Yishai Hadas) [Orabug: 39110129] - vfio: Define uAPI for re-init initial bytes during the PRE_COPY phase (Yishai Hadas) [Orabug: 39110129] _______________________________________________ El-errata mailing list
May 29, 2026
•Important
Oracle
202
security advisorybuffer overflowimportantopenSUSE Leap 16.0 libsndfile Critical Memory Leak CVE 2026-20787-1
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.. openSUSE security update: security update for libsndfile ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20787-1 Rating: important References: * bsc#1248458 * bsc#1256702 * bsc#1263695 Cross-References: * CVE-2025-52194 * CVE-2025-56226 * CVE-2026-37555 CVSS scores: * CVE-2025-52194 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2025-52194 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2025-56226 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-56226 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-37555 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-37555 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed. Description: This update for libsndfile fixes the following issues - CVE-2025-52194: buffer overflow in the ircam_read_header function of file src/ircam.c when processing malformed IRCAM audio files (bsc#1248458). - CVE-2025-56226: memory leak in the `mpeg_l3_encoder_init()` function of `mpeg_l3_encode.c` (bsc#1256702). - CVE-2026-37555: IMA-ADPCM integer overflow (bsc#1263695). Changes for libsndfile: Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-793=1 Package List: - openSUSE Leap 16.0: libsndfile-devel-1.2.2-160000.4.1 libsndfile-progs-1.2.2-160000.4.1 libsndfile1-1.2.2-160000.4.1 References: *https://www.suse.com/security/cve/CVE-2025-52194.html * https://www.suse.com/security/cve/CVE-2025-56226.html * https://www.suse.com/security/cve/CVE-2026-37555.html . Update resolves important issues for libsndfile in openSUSE, addressing critical flaws and bugs.. openSUSE libsndfile update important fix. . Severity: Important. LinuxSecurity.com Team
May 25, 2026
•Important
OpenSUSE
89
security advisoryfedoraformat stringFedora 42 Coturn 4.11.0 Advisory for Fixes on Memory Leak Format-String
Coturn 4.11.0 Fix prometheus response memory leak introduced in 4.10.0 Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC Fix format-string injection in Redis DB driver Abort on malformed allowed/denied-peer-ip at startup. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-dfa8ea5809 2026-05-18 01:23:32.591546+00:00 -------------------------------------------------------------------------------- Name : coturn Product : Fedora 42 Version : 4.11.0 Release : 1.fc42 URL : https://github.com/coturn/coturn/ Summary : TURN/STUN & ICE Server Description : The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying TURN extension - RFC 6156 - IPv6 extension for TURN - Experimental DTLS support as client protocol. STUN specs: - RFC 3489 - "classic" STUN - RFC 5389 - base "new" STUN specs - RFC 5769 - test vectors for STUN protocol testing - RFC 5780 - NAT behavior discovery support The implementation fully supports the following client-to-TURN-server protocols: - UDP (per RFC 5766) - TCP (per RFC 5766 and RFC 6062) - TLS (per RFC 5766 and RFC 6062); TLS1.0/TLS1.1/TLS1.2 - DTLS (experimental non-standard feature) Supported relay protocols: - UDP (per RFC 5766) - TCP (per RFC 6062) Supported user databases (for user repository, with passwords or keys, if authentication is required): - SQLite - MySQL - PostgreSQL - Redis Redis can also be used for status and statistics storage and notification. Supported TURN authentication mechanisms: - long-term - TURN REST API (a modification of the long-term mechanism, for time-limited secret-based authentication, for WebRTC applications) The load balancing can be implemented withthe following tools (either one or a combination of them): - network load-balancer server - DNS-based load balancing - built-in ALTERNATE-SERVER mechanism. -------------------------------------------------------------------------------- Update Information: Coturn 4.11.0 Fix prometheus response memory leak introduced in 4.10.0 Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC Fix format-string injection in Redis DB driver Abort on malformed allowed/denied-peer-ip at startup Pin session origin only after MESSAGE-INTEGRITY validates Fix build failure: define _GNU_SOURCE for recvmmsg() on Linux Drop udp_relay_servers_number config and clean up dead UDP id-space Add Unity-based unit test scaffolding Delete log line per relay thread on start Out of bound HTTP detection in parser Extend STUN client fuzz builder coverage Extend fuzzing coverage and enable local fuzzing in a container Cover all public stun_buffer.c wrappers in FuzzStunClient HTTP parsing fixes Unblock fuzz coverage for is_http and rare STUN attributes Seed address-mapping table in fuzz initializer Add deterministic challenge-response builder to FuzzStun Add fuzz coverage for integrity helpers Hoist turn_server_get_engine() out of per-packet hot path Inline addr_cpy() in the header Trim two redundant checks from per-packet relay hot path Inline get_ioa_addr_len() in the header Cache hot lookups in TURN data-path handlers Load generator mode in turnutils_uclient Filc harness and pointer typedefs -------------------------------------------------------------------------------- ChangeLog: * Sat May 9 2026 Robert Scheck - 4.11.0-1 - Upgrade to 4.11.0 (#2466643) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2466643 - coturn-4.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466643 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program.Use su -c 'dnf upgrade --advisory FEDORA-2026-dfa8ea5809' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 18, 2026
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!